Tag: Mozilla

I stopped using Thunderbird some time ago in favor of the email client that is part of my Linux distribution. I recognize the importance of Thunderbird given how webmail has generally erode the ability for regular folks have to have secure and confidential email correspondence. I am glad to see the project find new footing and a means to sustain.

I guess I enjoy being in the tech minority: a Linux user in a Mac/Windows world, a Firefox user in a Chrome/Edge world. Detractors often cite Firefox as being a memory hog. Nice to see Mozilla taking that seriously although projects like Electrolysis and Servo which aim to thoroughly modernize the aging browser will do far more to address that complaint in the long run. In the short term being able to tweak the browser in this way isn’t a bad stepping stone.

I don’t think it is a coincidence that the first declarations of the demise of Thurderbird I saw came from TechCrunch, a site I associate with hyperbole and the worst sort of journalistic pot-stirring in the tech news sphere. Mitchell Baker’s announcement on her blog bears much closer reading, though. I think saying that the multi-platform, open source messaging client is being put on life support is overstating things. That would be like saying a long term support release of Ubuntu is the same as life support.

It is useful to bear Thunderbird’s storied past in mind when thinking about this most recent turn. Thunderbird has never been as actively developed or supported as Firefox. I still remember the very long and frustrating doldrum that was version 2. Then suddenly there seemed to be enough interest and will to try to couple it to Firefox’s recently re-invigorate development cadence. From Thunderbird 3 through the present saw a rewarding surge forward for long time users and supporters, like myself.

I tend to interpret Baker’s announcement that Mozilla is shifting away development resources as a return to that sargasso of slow development in which Thunderbird really has spent most of its time anyway. This time, there is the possibility the community will take up her invitation, to pick up the banner and move the state of the mail client forward independently. There is some cause to hope; I cite how LibreOffice rose from the ashes of the fork that birthed it, before which there was similar hand wringing about the slow death of OpenOffice.

I want to emphasize one key point in Baker’s post before I go on. Mozilla is still supporting Thunderbird, just not undertaking any new feature development. They are committed to releasing security updates. For the time being, Thunderbird is still a viable choice for those who use desktop messaging clients, like myself and even Baker herself.

I want to point out for Linux users there are a bevy of other options from mutt to Evolution and Kmail. I suspect though that each of these may be found lacking in some ways, not because of a short fall in the developers’ attention to them. I worry that there is a common cause for lack luster progress, one that arises from certain user expectations. I think we all know what may be robbing all desktop email efforts of oxygen: Gmail.

Gmail wasn’t the first webmail solution, nor is it the only one. We even have open source options, like SOGo, for those that want to combine the convenience of a web based solution with owning their own mail server. I don’t even think it is the features of Gmail that are responsible for its overpowering draw. Just pay attention every time there is a change in features or new ones launched. There is plenty of growsing and often a battery of extensions and GreaseMonkey scripts to restore older functionality.

For me there is a persisent lack in Gmail that finally drove me away for good, no reliable way to support encrypted correspondence. I don’t see that changing any time soon given Google’s focus on organizational gewgaws like priority mail.

I think it is the incredible ease of setup and use that feeds Gmail’s success at the expense of seemingly everything else. I honestly think Mozilla should address that far more directly and if they are unwilling to innovate on top of Thunderbird, perhaps it is time for them to create an open source alternative to Gmail. They have toyed with various efforts around open web applications. Above all they are committed to their role in ensuring an open Internet not through market dominance but in always ensuring that users have a choice.

If Thunderbird isn’t the choice users want, I submit Mozilla should marshal their experiences with efforts like Sync, Raindrop and Thunderbird to produce their own webmail service. I know they will never be able to scale to the size of Gmail but that isn’t the point. Creating a compelling, competitive webmail offering that expresses Mozilla’s commitment to user sovereignty, security and open standards would be worth whatever resources the plucky non-profit can spare and, I suspect, would draw far more outside support and interest if they chose to take the initiative, meeting the market dominant player head on just as Firefox continues to do.

Ryan Paul at Ars Technica has a good write up of Mozilla’s announced roadmap for Firefox in the coming year.

Some of Mozilla’s key technical priorities include improving responsiveness, integrating social sharing, refining the user interface, supporting 64-bit Windows and Android tablet form factors, finally delivering process isolation for tabs, and supporting emerging standards like CSS 3D transforms and WebSockets. In terms of features, Mozilla’s 2011 roadmap is compelling and achievable. There is room for skepticism, however, about the organization’s new release management strategy. Instead of aiming to roll all of this functionality out in a major release next year, Mozilla intends to push it out to users incrementally, using a series of three releases after the upcoming launch of Firefox 4.

I am slightly less skeptical. Mozilla has some experience with this sort of incremental, rolling release for smaller features as part of their beta process. Admittedly, the scale is smaller and the target quality isn’t the same but I think it is an incremental difference rather than a qualitative one.

Several of the items on the roadmap are also already under active development. Slating them for 2011, to specific releases draws a line in the sand. Not all of the development work is going to be from a standing start, rather it is being pressured to get to a finished and releasable state. I’ve written repeatedly about full multiprocess support in Firefox and this set of priorities may be the kick in the pants needed to finally land it.

I don’t necessarily disagree with Paul’s reasoning. He makes a good case for the benefits, mostly in the form of staying competitive and in better tune with the rapidly evolving standards space, as well as the challenges. He has more insight into Mozilla’s internal makeup and Firefox’s codebase. I suspect Mozilla will settle on the six month cycle he suggests but suspect it may need to reach farther in order to hit that stride. Undoubtedly there are bits of institutional inertia and other internal pressures prompting such aggressive planning.

The session hijack tool, Firesheep, is rightly drawing a lot of attention. I saw this ComputerWorld article, via Hacker News, that explains remarks from Mike Beltzner, the Firefox project director. Basically, Mozilla will not use its black list mechanism to block the dangerous add on. The reasoning is that it doesn’t directly exploit any security problems within the browser itself. Further the add on is not an approved one listed in Mozilla’s central registry, rather it is being directly distributed by Eric Butler, its author. Mozilla’s black list may not be effective against it as it doesn’t rely on their distribution channel.

Blocking Firesheep won’t help the issues that Butler intended it to raise. In the post about Firesheep on Mozilla’s security blog, Sid Stamm points out that Firesheep is an add on, versus a standalone software tool, is largely irrelevant. The problem has been well hashed over in a number of posts to which I’ve linked. To recap quickly while initial login requests are usually encrypted, subsequent interactions with sites like Facebook, Twitter and others are not encrypted but expose session cookies in the clear. Those cookies are what Firesheep is able to capture and use to hijack users’ sessions despite their actual login being totally secure.

EFF has another excellent write up of the lesson of Firesheep: web sites that rely on persistent identification of their users need to do more than just protect the initial login. They recommend, as I did early, use of the HTTPS Everywhere add on for Firefox. The Mozilla Security Blog post, linked above, has a few other options if you are brave enough to use the Firefox 4 beta like me.

The biggest problem I have run into with forcing SSL where I can is that many sites clearly are not tested with encryption always on. Thankfully, none of the sites I found to be broken, like Facebook, are all that important. Hopefully part of the attention Firesheep draws and the subsequent increase in users forcing SSL will pressure sites that break to provide fixes or better yet default to SSL while their users are logged in.

The fine folks at Mozilla Labs announced a pre-alpha add on for Firefox that enables recording audio and video directly from the browser.

We’ve experimented with audio recording in the browser as part of the Jetpack prototype earlier, and want to revisit the idea. There have been great strides on video playback recently, but there’s still some work to be done before users can create multimedia content for the web, on the web.

There are ways to do this already but they all require proprietary technologies like Flash and Java. What the Rainbow extension could do as it matures is suggest ways that creating media become standard features in the browser. I really like that idea, of a browser directly supporting the creation of peer media creation, not just access and sharing.

The add on only works with the Mac version of the current nightly build series. The developers are working hard to expand support to Windows, Linux and 64-bit systems. Currently Rainbow encodes Vorbis and Theora using the Ogg container though future plans include adding support for WebM/VP-8 as well as streaming.

Apologies for the second day of just links. I was in a rush to get to the local CopyNight here in DC last night. I took a sick day from work today to try to final get over this cold and have been trying to keep blogging to a minimum, too, in order to maximize my rest.

Thankfully, tonight’s podcast is an interview I recorded last week so will got out with minimum effort as scheduled.

Categories

Endorsements

"[T]houghtful, informative, and deep, a real plunge into the geeky end of the news-pool. There's great analysis and rumination, as well as detailed explanations of important security issues with common OSes and so on." -- Cory Doctorow